Looking for suitable candidates for the “Cybersecurity – GRC” team of a leading professional services firm. The candidate should have 2-5 years’ experience in Vulnerability Assessment & Penetration Testing and project management with a consulting firm.
Position: Sr. Technology Security Consultant
Job Description:
- Conduct Vulnerability Assessments of Network and Security Devices using various open source and commercial tools
- Conduct Web & Mobile security assessment based on OWASP framework
- Conduct source code review of web & mobile applications
- Conduct threat modeling & reverse engineering to find the root causes of attacks
- Map out a network, discover ports and services running on the different exposed network and security devices, and conduct threat hunting
- Conduct penetration tests and launch exploits using Nessus, Kali, Wireshark, Metasploit, Backtrack penetration testing distribution tool sets
- Research and maintain proficiency in computer network exploitation, tools, techniques, countermeasures, and trends in computer network vulnerabilities, data hiding, network security, and encryption.
- Analyze scan reports and suggest remediation / mitigation plans
- Keep track of new vulnerabilities on various network and security devices for different vendors
- Review software posture and work with operations to plan code version upgrade requirements of supported security and network devices
- Conduct advanced technical analysis of intrusions
- Audit configuration of Network and Security devices
- Provide rich client-specific reports
Pre-Requisites:
- Experience in network & application vulnerability scanning and penetration testing
- Experience with Nessus, NetCat, NMAP, Backtrack, Metasploit, HPing, and similar tool sets like RetinaCS, Qualys, McAfee (Foundstone)
- Knowledge of Network Security technology in areas of Firewall, IPS, VPN, Gateway security solutions (proxy, web filtering)
- Knowledge of cloud security & assessment
- In-depth understanding of the Common Vulnerabilities and Exposures (CVE) / CERT advisory databases
- Analytical thinker willing to “think outside the box” to resolve customer impacting situations on first contact; understand customer risk profile.
- Self-starter with the ability to deliver within defined timelines
Qualification:
- Certifications like CEH, OSCP are a must; CHFI, CompTIA Security+ are an added advantage
- 2–5 years in the field of IT Security Services
- Graduate degree
- Broad background in networks, operating systems (Windows, Unix, Linux), firewalls and security engineering concepts
- Knowledge of security technologies deployment strategies and experience in SIEM tools (RSA enVision, ArcSight, LogRhythm) will be advantageous
- Knowledge of scripting languages (C++, C#, Perl, CGI, HTML, Java, TCL, Shell) will be an added advantage